Commit Graph

65 Commits

Author SHA1 Message Date
null 6e211c8366 fix: v0.94 migration signature — run(db) → run() 2026-06-06 17:17:10 -05:00
null 9a2a7ecdee feat: v0.94 — session token hashing, geolocation opt-in privacy setting 2026-06-06 17:00:22 -05:00
null 840620efe2 feat: v0.93 — stable provider keys, per-payment interest tracking with once-per-month gating 2026-06-06 16:34:20 -05:00
null 99abca9868 security: WebAuthn / FIDO2 hardware security key 2FA 2026-06-05 22:05:23 -05:00
null 59d32f4686 perf: composite DB indexes, notification N+1 batching, spending page double-fetch fix 2026-06-04 21:00:59 -05:00
null 803e91da28 fix: migration error handling for legacy DBs, fallback rejection query 2026-06-04 20:52:50 -05:00
null 910febae63 feat: bill rules manager page, merchant re-normalization, match suggestion scoring fix, cleanup pruning 2026-06-04 20:45:11 -05:00
null 743379fc94 feat: spending toggle per category, empty state, income query, auto-enable on rule creation 2026-06-04 20:01:51 -05:00
null ac5d6c6625 feat: spending tracking page with category breakdowns 2026-06-04 04:31:25 -05:00
null 653dd72e12 feat: TOTP 2FA for login & profile setup flow 2026-06-04 04:10:14 -05:00
null 26b6fb13e5 feat: login history with geolocation, encryption, new device alerts, session detection 2026-06-04 03:38:32 -05:00
null 5689fc95c2 feat: historical import batch selection UI, backend endpoint, DB migration v0.83 2026-06-04 02:36:36 -05:00
null 278521a612 fix: bank matching returns bill names, reactive Sync button in BillModal, error handling in merchant rule service 2026-06-03 23:29:30 -05:00
null e271c54ac6 fix: reconcileLegacyMigrations asserts version sync with runMigrations to prevent drift 2026-06-03 22:38:33 -05:00
null ff7ae8b3ab perf: optimize bills list query, add merchant rule composite index (v0.81) 2026-06-03 22:25:30 -05:00
null 36f7191289 feat: push notification channels (ntfy/Gotify/Discord/Telegram) and cash flow projection
- Wire four push channels into runNotifications() with urgency mapping
- push_url and push_token encrypted at rest via AES-256-GCM
- Profile page Push card with master toggle, channel picker, test button
- Calendar CashFlowCard with period/month projections and negative alert
- Tracker card shows projected amount when cashflow data available
2026-06-03 21:43:54 -05:00
null 36a65156e3 feat: merge pipeline workflow into bill-tracker (batch v0.36.0)
- Copy pipeline-report.py from Pipeline project into scripts/
- Update TOOLS.md and MEMORY.md to reflect workflow consolidation
- (includes all uncommitted v0.36.0 changes from prior session)
2026-06-03 20:28:37 -05:00
null 67ce59db50 v0.35.0 2026-05-31 15:52:50 -05:00
null 31bafb0e55 0.34.3 2026-05-31 15:06:10 -05:00
null 90cfed035b feat: Payoff Custom mode, Summary reordering, unifed billing schedule, SimpleFIN + backup fixes (batch v0.34.1.3) 2026-05-30 21:20:51 -05:00
null c23cae1107 feat: reordering across management pages (Bills, Subscriptions, Categories, Snowball) — batch v0.34.1.2 2026-05-30 20:04:50 -05:00
null 6edb23cd66 chore: bump to v0.34.1.1, Claude.ai catalog seed, subscription fixes 2026-05-30 17:57:34 -05:00
null 35d0cbf8be chore: reset tracked db file 2026-05-30 17:27:15 -05:00
null 5449427b86 Add persistent bill reordering 2026-05-30 16:13:37 -05:00
null 5182754e0f feat(tracker): price-change drift detection with amber insight panel
Detects when a bill's recent payments have diverged from its configured
expected amount for 2+ consecutive months and surfaces it in a new
collapsible amber panel on the Tracker page.

- Migration v0.71: adds `drift_snoozed_until` to bills and
  `notify_amount_change` to users
- New `driftService.getDriftReport()`: computes per-bill payment median
  over last 3 months, flags drift above a user-configurable threshold
  (default 5%, minimum $1 delta)
- New `GET /api/bills/drift-report` and `POST /api/bills/:id/snooze-drift`
  routes (registered before `/:id` to avoid routing conflict)
- `runDriftNotifications()` added to daily worker — sends amber digest
  email per user listing all changed bills with old → new amounts
- `notify_amount_change` wired through profile and notifications routes
- `DriftInsightPanel`: collapsible amber panel with per-bill
  strikethrough old → new amount, ±% badge, TrendingUp/TrendingDown
  icons, "Update to $X.XX" (with undo toast) and "Dismiss" (30 days)
  actions; teal palette for price decreases
- `drift_threshold_pct` setting added to SettingsPage Billing Behavior
- "Notify on price changes" toggle added to ProfilePage notifications

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 14:33:55 -05:00
null 3978507572 feat(tracker): overdue command center with snooze/skip/pay + sidebar badge
- migration v0.70 adds snoozed_until TEXT to monthly_bill_state
- trackerService: snoozed_until in monthly state fetch + getOverdueCount()
- GET /api/tracker/overdue-count endpoint
- PUT /bills/:id/monthly-state validates snoozed_until
- OverdueCommandCenter component: collapsible, per-bill actions, hides snoozed
- useOverdueCount hook (2-min stale, 5-min poll, tab-only)
- Sidebar/nav uses overdue count badge on Tracker menu item
- Bump v0.33.8.7 → v0.34.0
2026-05-30 13:19:09 -05:00
null c37716f685 feat: subscription catalog v2 + GeorgiaDigits font-face (batch 0.33.8.1)
- Migration v0.69: 90 new services across 16 categories
- Fixed Discord Nitro, Twitch Turbo, X Premium categories
- GeorgiaDigits @font-face with unicode-range for digit/currency codepoints
  only, applied via --font-sans and .tracker-number
- Bump v0.33.8.0 -> v0.33.8.1
2026-05-29 18:34:50 -05:00
null b34e21d1ba feat: advisory non-bill transaction filter system (batch 0.33.8.0)
- Migration v0.68: seeds advisory_non_bill_filters (5k+ patterns) and
  advisory_bill_like_overrides (83 override terms) on first startup.
  Idempotent — skips if already seeded.
- advisoryFilterService.js: lazy in-memory cache checks override terms
  first, then scans patterns. Returns null | {confidence, category, rationale}.
- Transaction list: each row gets advisory_filter from the server.
- High-confidence unmatched transactions: show 'Probably not a bill'
  italic text instead of 'No bill linked'.
- MatchBillDialog high confidence: 'Create Bill' replaced with
  'Probably not a bill · create anyway' text link for manual override.
- MatchBillDialog medium confidence: Create Bill button renders muted.
- Same logic in empty-state CTA when search returns no results.
- BillModal onSave now returns the saved bill so callers can auto-match.
- Bump v0.33.7.3 -> v0.33.8.0
2026-05-29 18:06:12 -05:00
null 6b30ee4eb7 feat: merchant rules, auto-match on sync, duplicate API fix
- Removed duplicate unmatchTransaction API entry in api.js
- Unmonitored accounts: no chevron, click-to-expand disabled, tx panel hidden
- matched_bill_name included via LEFT JOIN bills in accounts query
- BillPickerDialog resets search/selection on open
- Link to bill: marks historical txs matched, stores merchant rule,
  applyMerchantRules catches other unmatched txs from same merchant
- Track (new subscription): creates bill with is_subscription=1, stores
  merchant rule for ongoing tracking
- SimpleFIN sync: applyMerchantRules runs after tx insert, auto-matches
  by merchant rule with payment_source='auto_match'
- Auto-match payments have transaction_id set, treated same as manual matches
- New services/billMerchantRuleService.js for rule storage and matching
- Migration for bill_merchant_rules table
2026-05-29 03:38:48 -05:00
null c43c476ae9 fix: subscription recommendation dedup and amount-bucket grouping
- Amount-bucket grouping ensures consistent charges are grouped together
- Catalog lookup names and boosts the result
- Deduplication ensures one recommendation per known service
- Removed catalog-first rewrite
2026-05-29 02:51:30 -05:00
null 820fedd58e feat: subscription catalog migration, 200-row seed, improved detection
db/database.js:
- Added monitored to COLUMN_WHITELIST
- runSubscriptionCatalogMigration() creates table + seeds 200 rows
- Migration v0.65 in both legacy reconciliation and main migrations

services/subscriptionService.js:
- SUBSCRIPTION_TYPES expanded 10→14 (food, education, shopping, security)
- TYPE_KEYWORDS updated with 30 new keywords across categories
- loadCatalog() loads 200 entries per recommendation call, graceful [] on old DBs
- lookupCatalog() longest-match wins, handles embedded domains
- inferType() catalog hit takes priority over keyword guessing
- Two-tier detection: catalog 1-hit → possible (62), 2+ → pattern/confirmed with boost (68-99)
- Canonical names from catalog, type auto-filled
- buildRecommendation() extracted as shared helper with tier + catalog_match fields
- createSubscriptionFromRecommendation sets subscription_source to catalog_match
2026-05-29 01:51:42 -05:00
null 262d7789db feat: account monitoring, expanded sync UI, match filtering, error toasts
Backend:
- v0.64 migration: monitored column on financial_accounts
- GET/PUT data-sources accounts endpoints for monitored toggle + tx listing
- matchSuggestionService: excludes unmonitored accounts from match scoring

Frontend:
- BankSyncSection rebuild: accounts panel with monitored switch, expand for
  last 50 transactions, match status badges, optimistic toggle
- TransactionMatchingSection: toast on bills load failure
- DataPage: toast on import history load failure
- ProfilePage: toast on both login history fetch failures
2026-05-29 01:06:20 -05:00
null 1b9518a5d7 fix: migration dedup and legacy reconcile gaps
- Removed double log line in runMigrations (migration name printed twice)
- Added v0.54 (user_settings) and v0.55 (user_login_history device metadata) to reconcileLegacyMigrations
- Both are idempotent, no data was ever lost, but legacy upgrades were re-running them unnecessarily
2026-05-28 23:28:53 -05:00
null 7a58d69c70 feat: hybrid subscription tracker
Added subscription metadata to bills: is_subscription, type, reminder_days, source, detected_at
Backend subscription API (routes/subscriptions.js)
SimpleFIN recommendation logic (services/subscriptionService.js)
New /subscriptions page (client/pages/SubscriptionsPage.jsx)
Track-as-subscription controls in BillModal.jsx
Navigation under Tracker menu
Accepting a recommendation creates a subscription-backed bill + links detected transactions
2026-05-28 22:54:07 -05:00
null 060c8dc2f4 chore: version bump to 0.28.01 and update HISTORY format 2026-05-16 21:36:04 -05:00
null 9d933f70cc v0.28.01 2026-05-16 20:26:09 -05:00
null b124e48ebc v0.28.0 2026-05-16 15:38:28 -05:00
null 88c1374d97 v028.0 2026-05-16 10:56:56 -05:00
null 59d9d21d4c v0.28.0 2026-05-16 10:34:32 -05:00
null 0ba315bd32 v0.28.0 2026-05-15 22:45:38 -05:00
null 263f1c5e6e v0.27.04 2026-05-15 01:36:56 -05:00
null d720931894 v0.27.02 push 2026-05-14 21:00:07 -05:00
null 440f872d97 snowball bug fixes 2026-05-14 03:00:01 -05:00
null cd61c2ef7f v.0.50 db migration bug 2026-05-14 02:51:29 -05:00
null 7d2d0bf45e 0.28.0 snowball release 2026-05-14 02:11:54 -05:00
null 48fe87ea25 corrections 2026-05-14 01:17:05 -05:00
null 52db06001f v0.23.1: migration rollback capability
- Add rollbackMigration() function in db/database.js with transaction safety
- Add POST /api/admin/migrations/rollback endpoint (admin-only)
- Rollback SQL for v0.44 (indexes), v0.45 (audit_log table), v0.46 (cycle columns)
- Error codes: NOT_APPLIED (404), ROLLBACK_NOT_SUPPORTED (422)
- Audit logging for rollback events
- Fix duplicate migrationStartTime declaration from v0.23.0 commit
- Fix broken migration completion audit log from v0.23.0 commit
- Fix DB path exposure (uses path.basename() now)
2026-05-10 10:44:39 -05:00
null 53783aaec5 v0.23.0: Detailed migration logging with timing, error context, and audit logging
- Added [migration] logging for each migration step (applying, completed, timing)
- Added [migration-error] logging with elapsed time on failures
- Added [migration] All migrations completed in Xms total timing
- Added lazy getLogAudit() for audit logging of migration failures (avoids circular dep)
- Changed DB path log to basename only (Hudson rec: reduce info disclosure)
- Version bumped to 0.23.0
2026-05-10 09:45:39 -05:00
null ee960c5c5a fix: remove circular dependency in database.js audit logging
- Remove logAudit import and call from db/database.js (circular dep with auditService)
- database.js init code uses console.log instead
- logAudit remains in setup/firstRun.js and server.js (safe, no circular dep)
2026-05-10 04:28:34 -05:00
null eb86da1e69 v0.22.3: fix ENV-seeded users skip first-login flow, add audit logging
- setup/firstRun.js: reset first_login=0, must_change_password=0 on update
- server.js: reset flags for existing regular users + add logAudit
- db/database.js: fix must_change_password=0 in init code (was 1)
- Add logAudit calls for seed.flag_reset events
- database.js uses console.log for init-time resets (avoids circular dep)
- Hudson audit: 6/6 PASS after audit logging fix
2026-05-10 04:24:51 -05:00